Hi,
I'm trying to use Apache Drill as a database for providing SQL over S3
parquet files.
Drill is used for serving multi-tenant data for multiple customers.
Since I need to build the SQL string using the REST API, I'm vulnerable to
SQL injection attacks.
I do test all user input, enclose it between apostrophes and
escape apostrophes in the user input by doubling them, but I'm still concerned
about optional SQL attacks.
Will adding a different data source (which points to a different folder on
S3) per tenant have an impact on performance? (I might
have thousands of those)
Does it make sense to create the data source on the fly before the query?
Is there another way to limit the sent SQL to a specific folder?
Thanks,
  Avner
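
An added example, not part of the original message: one way to build the body for Drill's REST query endpoint (`queryType`, `query`) so that the tenant folder and column names never come from raw user input, while values are quoted by doubling apostrophes as described above. The storage plugin name `s3`, the `tenants/<tenant_id>/events` layout, the column allowlist and the function names are assumptions made for illustration.

```python
import json
import re

# Assumptions (not from the original post): a storage plugin named "s3" and a
# one-folder-per-tenant layout "tenants/<tenant_id>/events".
TENANT_ID = re.compile(r"[a-z0-9_]{1,32}")
ALLOWED_COLUMNS = {"event_type", "country", "user_id"}  # hypothetical columns


def quote_literal(value):
    """Quote a user value as a SQL string literal by doubling apostrophes."""
    if not isinstance(value, str):
        raise TypeError("only string values are accepted")
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value):
        raise ValueError("control characters are not allowed in values")
    return "'" + value.replace("'", "''") + "'"


def build_query(tenant_id, filters):
    """Return the JSON request body for a tenant-scoped query.

    tenant_id must come from the authenticated session, never from the request.
    Identifiers (folder path, column names) are only accepted if they match a
    strict pattern or a fixed allowlist; only values go through quoting.
    """
    if not TENANT_ID.fullmatch(tenant_id):
        raise ValueError("invalid tenant id")
    clauses = []
    for column, value in sorted(filters.items()):
        if column not in ALLOWED_COLUMNS:
            raise ValueError("column not allowed: %r" % column)
        clauses.append("`%s` = %s" % (column, quote_literal(value)))
    # The folder is fixed by the server-side template; the caller cannot
    # supply any part of the FROM clause other than a validated tenant id.
    sql = "SELECT * FROM `s3`.`tenants/%s/events`" % tenant_id
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    return json.dumps({"queryType": "SQL", "query": sql})
```

Because the FROM clause is assembled only from a validated tenant id, the folder restriction does not depend on the quoting of user values being perfect.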
